Member Avatar for spokie

hey there im hoping that someone can help me in solving this problem i keep on getting this error when i try to connect from register.html to register.php.
Here is my code!

<?php
//Database Information

$dbhost = "localhost";
$dbname = "musicwebsite";
$dbuser = "root";
$dbpass = "xxxx";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$firstname = $_POST['firstname'];
$lastname = $_POST[‘lastname’];
$address= $_POST[‘address’];
$username = $_POST['username'];
$password = md5($_POST['password']);
$confirmpassword = md5($_POST['confirmpassword']);
$email = $_POST['email'];     


$checksignin = mysql_query("SELECT username FROM signin WHERE username='$username'"); 

$username_exist = mysql_num_rows($checkuser);

if($username_exist > 0){
    echo "I'm sorry but the username you specified has already been taken.  Please pick another one.";
    unset($username);
    include 'register.html';
    exit();
}

$query = "INSERT INTO signin (firstname, lastname, address, username, password, confirmpassword, email)
VALUES('$firstname',’$lastname’, ‘$address’, '$username', ‘$password’, ‘$confirmpassword’, '$email',)";
mysql_query($query) or die(mysql_error());
mysql_close();

echo "You have successfully Registered";

$yoursite = ‘[url]www.sitename.co.za’;[/url]
$webmaster = ‘Siphokazi’;
$youremail = ‘ewew@webmail.co.za’;

$subject = "You have successfully registered at $yoursite...";
$message = "Dear $name, you are now registered at our web site.  
    To login, simply go to our web page and enter in the following details in the login form:
    Username: $username
    Password: $password
    
    Please print this information out and store it for future reference.
    
    Thanks,
    $webmaster";
    
mail($email, $subject, $message, "From: $yoursite <$youremail>\nX-Mailer:PHP/" . phpversion());
    
echo "Your information has been mailed to your email address.";

?>

Thanks in advance for the help!!!

  • 4 Contributors
  • 9 Replies
  • 820 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by spokie
Member Avatar for Will Gresham

Do you notice anything wrong with line 41?

$yoursite = ‘[url]www.sitename.co.za’;[/url]
Member Avatar for somedude3488

i think that is the site trying to parse the url. not the code.

Member Avatar for Rhyan

Guys, I am actually interested in the single quotes used - i mean one time quotes used are like this [ ‘ ] or [ ’ ], the other time used they are as supposed to be [ ' ].
I am not sure whether PHP correctly parses both symbols, but to me doesn't seem to be OK.

Another thing I have observed is the fact that for PHP versions 5.x, the parser to some reason in some cases does not correctly evaluate whether strings delimited by double quotes contain variables, therefore variables are not substituted by their values.

And at the end, we have 2 variables on row 46, so it is hard to determine which one is the erroneous, but I think the problem lies somewhere above this line...

Member Avatar for Will Gresham

i think that is the site trying to parse the url. not the code.

Possibly, we'll need the OP to confirm that :)


Also, I will point out that there is no sanitation of the values.. Never a good idea to put POST data directly into SQL or such without checking what the user has actually entered.

Member Avatar for spokie

Thanks Guys for replying to my post and i edited out the url tag but im still getting the same error, Please Help Me!!
:confused:

Member Avatar for somedude3488

ok, i rewrote the code. i added some extra security but there is much more you need to do make it secure enough for actual use.

let me know if this works. its untested.

<?php

//DB Info
$dbhost = 'localhost';
$dbname = 'musicwebsite';
$dbuser = 'root';
$dbpass = 'asdkfj';

$con = mysql_connect( $dbhost,$dbuser,$dbpass ) or die( 'Unable to connect: ' . mysql_error() );
mysql_select_db( $dbname,$con ) or die( "Unable to select database: {$dbname}" );

if ( count( $_POST ) > 0 ) {
	array_map( 'mysql_real_escape_string',&$_POST );
}

foreach( $_POST as $key => $value ) {
	${$key} = $value;
}
$password        = md5( $password );
$confirmpassword = md5( $confirmpassword );

$sql   = "SELECT `username` FROM `signin` WHERE `username` = '{$username}'";
$query = mysql_query( $sql,$con );
$total = mysql_num_rows( $query );
if ( $total > 0 ) {
	echo "Username already taken, please pick another one.";
	include 'register.html';
	exit;
}

$sql   = "INSERT INTO `signin` (`firstname`,`lastname`,`address`,`username`,`password`,`confirmpassword`,`email`) VALUES ('{$firstname}','{$lastname}','{$address}','{$password}','{$confirmpassword}','{$email}')";
$query = mysql_query( $sql,$con ) or die( 'Error: ' . mysql_error() );
mysql_close( $con );

echo "You have successfully registered";

$yoursite  = 'www.sitename.co.za';
$webmaster = 'Siphokazi';
$email     = 'ewew@webmail.co.za';
$subject   = "You have successfully registered at {$yoursite}...";
$message   =<<<EMAIL
Dear {$name}, you are now registered at our website.

To login, simply go to our webpage and enter in the following details in the login form:

Username: {$username}
Password: {$password}

Please print this information out and store it for future reference.

Thanks,

{$webmaster}
EMAIL;

mail( $email,$subject,$message,"From: {$yoursite}<{$email}>" );

echo "Your information has been mailed to your email address.";

?>
Member Avatar for spokie

Thanks Keith!! But now its says Error: Column count does not match value at row 1! Do you happen to know what i can do next???

Member Avatar for somedude3488

in the sql query, i forgot the username in the values. add that and it should work.

Member Avatar for spokie

hey keith thanks for your help!!! I Got i right!!!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.